By Dr. Tiffany Masson · 15 June 2026
When you back a company for the AI it builds, you are pricing the value that AI is expected to produce. Your technical team confirms the model works and is secure. Your lawyers confirm the contracts and the IP hold. The question that sits between them can decide whether that value lasts after close: can the company govern its AI?
Your technical read tells you the model works. Your legal read tells you the paperwork holds. A different question sits between them. Can the company answer for what its AI does? Who has the authority to change it or shut it off? Who is accountable when it is wrong at scale? Could the company defend the way its AI makes decisions if a regulator asked? Most diligence assumes that governance is already there. It rarely checks, and in many AI companies it has grown up by default rather than by design.
Revenue tells you the AI is working today. It does not tell you how durable that return is once you own it. What tends to separate the AI that keeps its value from the AI that quietly stops producing it is the governance around it, more than the quality of the model.
Oversight is tightening. The SEC has put AI under examination, including the claims companies make about it. States are passing their own AI laws while the federal picture stays unsettled, and agencies and regulators increasingly point to the NIST AI Risk Management Framework as the baseline. For a company that sells into the EU, the EU AI Act adds another layer, classifying whole categories of AI as high-risk. When a company's AI governance cannot hold up to that scrutiny, the return you priced is exposed: to a regulatory action, to a public failure with no one positioned to step in, to claims that outran the controls behind them. The value can be real today and fragile tomorrow, and the fragility lives in the governance.
AI governance due diligence examines whether the company's AI governance can withstand scrutiny. Whether a named person is accountable for what the AI does. Whether someone has the authority to shut down a live system. Whether the company can defend the way its AI decides in front of a regulator, a board, or an investor. Governance that meets that bar is a large part of what keeps the return durable, because it sits between the AI and the events that would erode it. The G.U.A.R.D. Framework™ is the structure behind the assessment: whether the decision rights over the AI are real, whether the company knows what its AI can and cannot do, whether a named person can halt it, whether it is governed for reputation alongside performance, and whether human judgment is built into the moments where the AI carries the most risk.
The deliverable is concrete and quantified. It shows where authority over the AI is undefined, where stopping a live system has no owner, and where the AI would fall short under NIST, ISO, or the EU AI Act, with the cost and the time to close each gap. Those numbers belong in the model the way any diligence finding with a remediation cost would. The method is forensic: an examination of how authority actually works inside the company, where accountability breaks down, and what the record shows under weight, written up so a board can act on it.
A governance gap surfaced in diligence is a number to price and a plan to run after close, and the architecture the company builds can become a value lever during the hold and an asset at exit. The assessment produces a clear, documented read of where the AI is defensible and where it is exposed, early enough to price the deal in front of you rather than the one in the model. That is the buy side. The same discipline carries through the hold and into the exit, where it works to protect the value the firm has built on the way out.